[Everyone] Fwd: recent SSL3 vulnerability in browsers (POODLE)
Jim Nakatsuka
jnakatsu at igpp.ucla.edu
Wed Oct 22 15:35:39 PDT 2014
FYI. Small adjustments you should make in your browser settings to safeguard against this vulnerability.
----- Original Message -----
From: "Bill Harris" <bharris at igpp.ucla.edu>
To: "Jim Nakatsuka" <jnakatsu at igpp.ucla.edu>
Sent: Wednesday, October 22, 2014 2:52:31 PM
Subject: recent SSL3 vulnerability in browsers (POODLE)
A vulnerability was found in Secure Sockets Layer version 3 (SSL3), an encryption scheme for securing browser connections. It allows someone intercepting the browser traffic to capture useable data. SSL3 is considered outdated and only used if better encryption protocols can't be started. Software makers are moving towards disabling it in all future releases.
For further info and to test if your browser is vulnerable: https://www.poodletest.com/
To adjust your browser to avoid the vulnerability:
Internet Explorer: "Tools" menu -> "Advanced" tab -> in the list: uncheck "Security Use SSL 3.0" this option is near the bottom
Firefox: Browser update not yet available. In Firefox, download and install add-in: SSL Version Control at: https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
Chrome: there is no direct way to disable SSL3, Google will patch soon.. Recent versions of Chrome default to a different protocol.
Safari: update OS X to 'Yosemite'
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igpp.ucla.edu/pipermail/everyone/attachments/20141022/b50e8e94/attachment.html>
More information about the Everyone
mailing list